Clarify the usage of ALLOW_INSECURE_LOGIN

[skiadas]

Currently the ALLOW_INSECURE_LOGIN variable has a somewhat strange behavior. If it is set at all, the bases/rsptx/web2py_server/applications/runestone/models/db.py file uses it to determine that the access token should be set to be not secure. At the same time, the docker-compose.yml file sets this variable to have a default value, which automatically triggers the above solution.

With this proposed change:

• The db.py file now checks to see if the variable equals the strings True or Yes (in any casing) and only then sets the access token to be not secure.
• The variable is set in the sample.env file to be False.
• The docker-compose.yml file still initializes this variable to True, for that default behavior when a .env file is not yet set, or the variable is not present there for some reason.